So if you haven't noticed, the entire cryptocurrency mining thing has become a bit of an absurd stage play over the last few months. From gamers being unable to buy graphics cards thanks to miners hoping to cash in on soaring valuations, to hackers using malware to covertly infect websites with cryptocurrency miners that use visitors' CPU cycles without their knowledge or consent. As an additional layer of intrigue, some websites have also begun using such miners as an alternative to traditional advertising, though several have already done so without apparently deeming it necessary to inform visitors.

At the heart of a lot of this drama is crypotcurreny mining software company Coinhive, whose software is popping up in both malware-based and above board efforts to cash in on the cryptocurrency mining craze. Coinhive specifically focuses on using site visitor CPU cycles to help mine Monero. The company's website insists that their product can help websites craft "an ad-free experience, in-game currency or whatever incentives you can come up with." The company says its project has already resulted in the mining of several million dollars worth of Monero (depending on what Monero's worth any given day).

The Meltdown and Spectre vulnerabilities are proving difficult to fix, and initial experiments suggest security patches will cause significant performance penalties to HPC applications. Even as these patches are rolled out to current HPC platforms, it might be helpful to explore how future HPC systems could be better insulated from CPU or operating system security flaws that could cause massive disruptions. Surprisingly, most of the core concepts to build supercomputers that are resistant to a wide range of threats have already been invented and deployed in HPC systems over the past 20 years. Combining these technologies, concepts, and approaches not only would improve cybersecurity but also would have broader benefits for improving HPC performance, developing scientific software, adopting advanced hardware such as neuromorphic chips, and building easy-to-deploy data and analysis services. This new form of “Fluid HPC” would do more than solve current vulnerabilities. As an enabling technology, Fluid HPC would be transformative, dramatically improving extreme-scale code development in the same way that virtual machine and container technologies made cloud computing possible and built a new industry.

For the last three years or so, Red Hat has been on a collision course with CoreOS, with both firms aiming to grow their respective Kubernetes platform. On Jan. 30, the competition between the two firms ended, with CoreOS agreeing to be acquired by Red Hat in a $250 million deal.

Canonical's Mir team has released Mir v0.30 as the latest version of this display server that for the past year has been retooling itself with Wayland protocol support.

With today's Mir 0.30 release, they have continued on their Wayland conquest and are offering better support for Wayland protocols. Some of the Wayland changes in Mir 0.30 include a client connection change to allow Wayland clients to work on Unity 8, a keyboard state change to fix switching between clients, multiple crash fixes, and experimental support for the XDG-Shell v6 protocol.

NVIDIA has begun work on sending out patches for upstreaming Tegra194 "Xavier" SoC support within the Linux kernel.

Xavier is NVIDIA's successor to the Tegra P1 and will begin sampling this quarter. Xavier makes use of a custom ARMv8 eight-core CPU, Volta-based graphics with 512 CUDA cores, integration of the DLA tensor processing unit, and is manufactured on a 12nm FinFET process. Xavier should be a mighty powerful SoC for their self-driving car systems and other "edge computing" use-cases.

While Mesa 18.0 should be released in the days ahead as the latest feature release to Mesa 3D, backporting of fixes/improvements to Mesa 17.3 isn't letting up. For those using this stable series from last quarter, Mesa 17.3.4 is out today with nearly 100 changes.

Even though the idea of ‘serverless’ has been around since 2006, it is a relatively new concept. It’s the next step in the ongoing revolution of IT infrastructure that goes back to the days when one server used to run one application.

Spirent Communications joined the Linux Foundation Networking Fund (LFN), an umbrella group created by The Linux Foundation for its various networking initiatives. Spirent said it's the first test product vendor to support the development of a new Open Source ecosystem for telecom service assurance. Open Networking Automation Platform (ONAP), Open Platform for NFV and OpenDaylight gained widespread endorsement in 2017 from service providers, as de facto industry standards.

The Linux Foundation, the nonprofit focused on open source innovation, has announced a new event with a cumbersome name: “Open FinTech Forum: AI, Blockchain, Kubernetes & Quantum on Wall Street” (aka OFTF). It will take place on October 10-11, 2018 in New York City.

For several years, linux.conf.au, a week-long conference (held this year from January 22-26), has held "miniconfs" offering space for tech community niche groups to share their inventions and ideas. In 2018, 12 miniconfs were held on the first two days of the conference, and the Art + Tech miniconf took the concept to the next level with an entire day of 11 talks about making art with tech, as well as an art exhibition head during the conference. This miniconf was organized by blue ribbon award-winning knitter Kris Howard.

Disclaimer: Some of the links in this article contain mature content. As Kathy Reid, Linux Australia president, said: "Significant art is often contentious, because it challenges who we are and the notions we hold of ourselves. Our job here is to allow that art to be shown, while creating a safe environment for those who do—and do not—wish to view it."

Fedora developers are now discussing the possibility of naming a release manager each development cycle as a person in charge of wrangling together each release and seeing that the "Rawhide" development state is kept in better condition. Who knows, this also might actually help Fedora's longtime trouble of delivering releases on time.

Fedora Project Leader Matthew Miller started the mailing list discussion today about whether they should have a release manager each release cycle. His latest motivation for thinking about this is they haven't had a successful nightly compose of the latest Fedora Rawhide development state in about two weeks. While Red Hat employs QA and release engineering folks working on Fedora, their development tip isn't always kept in a release-able state unlike Ubuntu daily ISOs and some other Linux distributions.

"We want to be able to focus our engineering efforts on the things that matter most to our users, and in order to do that we need to get some more data about sort of setups our users have and which software they are running on it," explained Will Cooke, the director of Ubuntu Desktop at Canonical.

To gather that information Cooke proposed adding a checkbox to the Ubuntu installer that says something like "Send diagnostics information to help improve Ubuntu". "This would be checked by default" Cooke wrote.

Canonical announced plans to roll out a user data and diagnostics collection system with Ubuntu 18.04 LTS (Bionic Beaver). This new system will collect data on the user's OS details, hardware setup, apps and OS settings.

"We want to be able to focus our engineering efforts on the things that matter most to our users, and in order to do that we need to get some more data about sort of setups our users have and which software they are running on it," said Will Cooke, Director of Ubuntu Desktop at Canonical.

In Part 2 of this series, I demonstrated loading and running the Things Gateway by Mozilla software onto a Raspberry Pi. I showed how to use a DIGI XStick, which implements the Zigbee protocol, to run a light bulb and smart plug.

The kit (which doesn’t include a Raspberry Pi) costs $189, and is available now. While that may seem like a pretty penny to make speakers wireless, it’s actually a steal, especially when you consider the fact that it features an integrated 4-channel amp in addition to a high-fidelity DAC. In fact, many project-oriented audio enthusiasts may start looking around for some older B&O models, just for the opportunity to try the project out.

There's been a lot of activity in xorg-server Git the past few days, making it look like the developers may be trying to wrap up the very long X.Org Server 1.20 cycle. The latest major feature work landing is GLXVND.

GLXVND is the feature work spearheaded last year by NVIDIA for what is effectively "server-side GLVND", or taking their OpenGL Vendor Neutral Dispatch Library approach from the user-space OpenGL drivers and applying the same concept to allowing multiple GLX modules to happily co-exist on the same running X.Org Server.

David Egts, chief technologist for Red Hat’s public sector, told MeriTalk in an interview published Wednesday that lift and shift, augment with new layers and rewrite are three approaches government agencies and companies can adopt to modernize aging applications.

Egts said the effectiveness of the approaches depends on the application, contextual factors and business and that agencies should work with system integrators that help execute those three app migration approaches.

Anderson credits Nokia's rise in value to its two-pronged strategy. On the one hand, there's the core Networks business – which, despite a recent slowdown, has done well and could see a boost from ensuing 5G rollouts – and, on the other, the company's lucrative and fast-growing tech licensing operation.

[...]

Nokia Technologies, the company's patent licensing business, has become a major revenue source for Nokia, which has even turned to third party litigation specialists to help secure a portfolio of patents dating back to the company's heyday (Nokia ranked 9th on Brand Finance's list in 2008).

It is important to talk about Android at Linux conferences like linux.conf.au, Peter Serwylo said to start his talk. Android is deployed on millions or billions of devices, but it does suffer from some problems that F-Droid, an alternative Android app store, tries to address. The title of his talk noted that F-Droid is private, secure, free, and open, all of which are desirable traits for many in our community.

Serwylo got interested in Android because it was running on the first smart device he ever owned. He chose Android because he was getting interested in free software and recognized that Android was a well-supported version of Linux that was available on lots of different devices. But he found that the Android experience was not quite the "Linux experience that you are used to".

With great joy we are finally offically announcing the Debian MiniDebConf which will take place in Hamburg (Germany) from May 16 to 20, with three days of Debcamp style hacking, followed by two days of talks, workshops and more hacking. And then, Monday the 21st is also a holiday in Germany, so you might choose to extend your stay by a day! (Though there will not be an official schedule for the 21st.)

I think the lamest part of my current job is that we heavily rely on multifunction printers. We need to print a high volume of complicated documents on demand. You know, 1500 copies of a color booklet printed on 11x17 paper folded in 3 stapled in the middle kind of stuff.

Pardon my French, but printers suck big time. The printer market is an oligopoly clusterfuck and it seems it keeps getting worse (looking at you, Fuji-Xerox merger). None of the drivers support Linux properly, all the printers are big piles of proprietary code and somehow the corporations selling them keep adding features no one needs.

The past six months have seen cryptocurrencies such as Bitcoin and Ethereum go from rounding errors in the global economy to center stage at mainstream banking conferences. Much of the current fervor concerns the skyrocketing valuations of cryptocurrencies and tokens, and using them as an investment. All this has an interesting backstory—one with roots in an open organization effort attempted two years ago: The DAO.

Karen Sandler has been giving conference talks about free software and open medical devices for the better part of a decade at this point. LWN briefly covered a 2010 LinuxCon talk and a 2012 linux.conf.au (LCA) talk; her talk at LCA 2012 was her first full-length keynote, she said. In this year's edition, she reviewed her history (including her love for LCA based in part on that 2012 visit) and gave an update on the status of the source code for the device she has implanted on her heart.

Sandler is the executive director of the Software Freedom Conservancy (SFC); she is also a lawyer, but "I do all of my legal work for good now", she said with a chuckle. She does pro bono work for FSF and the GNOME Foundation, for example. She asked how many in the audience had attended LCA 2012 in Ballarat, which turned out to be around one-third (interestingly, the number of first-time attendees was nearly the same).

Simon was co-host of FLOSS Weekly 471, which featured the ScanCode Toolkit. ScanCode analyses a source package and lists what licenses are found in it. The toolkit can be used as part of a larger solution and together with the new AboutCode Manager provides open source compliance staff with an easy way to know what licenses they are actually dealing with.

An apparent linux.conf.au tradition is to dedicate a keynote slot to somebody who is applying open-source principles to make the world better in an area other than software development. LCA 2018 was no exception; professor Matthew Todd took the stage to present his work on open-source drug discovery. The market for pharmaceuticals has failed in a number of ways to come up with necessary drugs at reasonable prices; perhaps some of those failures can be addressed through a community effort.

Todd started by noting that he must normally begin his talks by selling open source to a room that is hostile to the idea; that tends not to be a problem at LCA. The chemistry community, he said, is playing catch-up, trying to mimic some of the things that the open-source community has done. The first step was to apply these principles to basic research before moving on to drug discovery; the latter proved to be harder, since it's typically a process that is shrouded in secrecy.

Integrated Rule-Oriented Data System (iRODS) is used across the globe in industries ranging from the life and physical sciences to media and entertainment, but the software’s origins can be traced back over two decades to a team at the San Diego Supercomputer Center (SDSC) and a project known as the Storage Resource Broker (SRB).

ArangoDB, a leading provider of native multi-model NoSQL database solutions, today announced the latest findings of its open source NoSQL performance benchmark series. To enable vendors to respond to the results and contribute improvements, ArangoDB has published the necessary scripts required to repeat the benchmark. The goal of the benchmark is to measure the performance of each database system when there is no cache used. The benchmark is completely open source and therefore driven by community input.

Following the recent announcement that the global software firm is open source, Altibase says it “directly challenges” the other companies by providing equal functionality at a much lower cost. Customers will save money by not having to buy in-memory and disk-resident databases separately, says Altibase. It can easily replace or supplement Oracle as well.

Only months after debuting the Freedom U540, the world's first Linux-compatible processor based on the open-source RISC-V chip architecture, RISC-V chipmaker SiFive has surprised the open-source community again by unveiling a full development board built around the ISA.

Called the HiFive Unleashed, the new development board is built around SiFive's Freedom U540, which is based on the company's U54-MC Coreplex. The chip is a 64-bit, 4+1 multicore processor that fully supports Linux, as well as other operating systems such as FreeBSD and Unix. The development board itself features a 8GB of DDR4 with ECC, a gigabit ethernet port, 32 MB of quad SPI flash memory, a MicroSD card slot, and an FPGA mezzanine card (FMC) connector for allowing peripherals and other expansion devices to be attached to the board.

Digital transformation and the proliferation of big data are driving a renaissance in software development, requiring new advancements in hardware and processors. With a range of needs from a variety of users and platforms, standard instruction set architectures are no longer fulfilling all use cases as the demand for flexibility and improved performance increases.

“The world is dominated by two instruction set architectures. … Both are great, but … they’re owned by their respective companies. RISC-V is a third entrant into this world … it’s completely open source,” said Martin Fink (pictured, right), chief technology officer of Western Digital Corp. Through the RISC-V initiative, Fink and Dave Tang (pictured, left), senior vice president of corporate marketing at Western Digital, are working to provide an instruction set that can be freely shared to encourage innovation.

In November of last year is when we reported on a Google developer proposing HDCP patches for Intel's DRM Linux driver. In this case, DRM as in the Direct Rendering Manager but HDCP as in the controversial High-bandwidth Digital Content Protection. HDCP is the digital copy protection for DP/DVI/HDMI for preventing HDCP-encrypted content from being played on unauthorized devices.

If you've been around a while, you probably know that Verizon has an adversarial relationship with openness and competition. The company's history is rife with attempts to stifle competing emerging technologies that challenged Verizon's own business interests, from its early attempts to block GPS and tethering apps so users would have to subscribe to inferior and expensive Verizon services, to its attempts to block competing mobile payment services to force users (again) onto Verizon's own, inferior products. And that's before you get to Verizon's attempts to kill net neutrality and keep the broadband industry uncompetitive.

In the earlier years, Verizon had a horrible tendency to lock down its devices to a crippling and comical degree. But with the rise of net neutrality, competition from carriers like T-Mobile, and open access conditions affixed to certain spectrum purchased by Verizon, the company slowly-but-surely loosened its iron grip on mobile devices. But let's be clear: the company had to be dragged, kicking and screaming, into the new, more open future we all currently enjoy, where (by and large) you can install whatever apps you like on your device, and attach most mainstream devices (with some caveats) to Verizon's network.

That's why more than a few eyebrows were raised after Verizon gave CNET the early exclusive news (apparently in the hopes that they'd frame it generously, which they did) that the company will soon be locking down its smartphones as part of a purported effort to "combat theft." Carriers have been justly criticized (and sued) for doing too little to prevent theft, in part because they profit on both sides of the equation -- both when a customer comes crying to Verizon to buy a new phone, and when the user with the stolen phone heads to Verizon to re-activate it on a new line.

If you check the processes running on your Linux systems, you might be curious about one called "kerneloops". And that’s “kernel oops”, not “kerne loops” just in case you didn’t parse that correctly. Put very bluntly, an “oops” is a deviation from correct behavior on the part of the Linux kernel. Did you do something wrong? Probably not. But something did. And the process that did something wrong has probably at least just been summarily knocked off the CPU. At worst, the kernel may have panicked and abruptly shut the system down.

We are happy to announce Mozilla's latest tool for creating VR content, Unity 3D WebVR Assets. It is free to download and available now on the Unity Asset Store. This tool allows creators to publish VR experiences created in Unity and shared on the open Web, with the power of a URL or link. These experiences can then be viewed with any WebVR-enabled browser such as Firefox (using the Oculus Rift or HTC VIVE) and Microsoft Edge (using a Windows Mixed Reality headset).

We are happy to announce our latest tool by Mozilla, Unity WebVR Assets. It is free to download and available now on the Unity Asset Store. This tool allows creators to publish and share VR experiences they created in Unity on the open web, with a simple URL or link. These experiences can then be viewed with any WebVR enabled browser such as Firefox (using the Oculus Rift or HTC VIVE) and Microsoft Edge (using a Windows Mixed Reality headset).

Well, well, remember when I told you - the more desperate Mozilla gets vis-a-vis its market share, the more aggressive they will get with pushing "quality" content onto its users? I did, I did. Well, the bonfires of the Mr. Robot fiasco have hardly cooled, and now there's a new drama developing. Mozilla will start rolling a pilot that tests sponsored stories in the Pocket recommendations section on the New Tab page.

Since I'm usually a blithely cheerful chap, I'm actively looking for stories to sour my mood, and so I was excited (this is sales lingo, we will get to that) to read this announcement. After all, writing about how everything is peachy and efficient and good in the tech world is boring, we need these little burdocks of greed to make things complicated. After me, pioneers.

[...]

Actually, it does not take a wizard to figure things out. Just look what happened in the past five years, ever since the mobile world exploded. For instance, thinking wildly about some rather common examples, Windows 7 to Windows 10, and the amount of pesky, online and telemetry stuff. Just compare Skype 7.40, the last classic version. and the toy factory moronity that is Skype 8. Windows Control Panel to Windows Settings. Gnome 2 to Gnome 3. Oh, Firefox 3.6 to Firefox whatever.

What you see is that menus get deeper and deeper and deeper and more obfuscated, with focus on aesthetic minimalism (mobile) that goes directly against user intuition and efficiency. You need more and more actions and mouse clicks to achieve the same results you could half a decade before. Now imagine what will happen in five or even ten years. Consider yourself lucky you were there to witness the early days of the Internet, when it was still all naive and innocent and not just pure money.

[...]

Some people may assume that I have a personal problem with Mozilla and Firefox. Not really. It's just I don't like hypocrisy, and I do not like being herded toward the pen that reads IDIOTS. I fully understand that Mozilla needs quiche. Fine, state it upfront. Don't veil it in bullshit. The words privacy, freedom and similar slogans mean nothing when you put them side by side with sponsored stories. You want money, start charging money for your browser. There's nothing wrong with that. And I would gladly pay for a high-quality product - and when needed, I do.

I also wish that we had alternatives - the more the merrier. Alas, the exact opposite is happening. As time goes by, it will become even more difficult to have (supposedly free) products that really cater to their users. The profit slope is a one-way direction. Once you make a margin, you need to make more margin and more margin and more margin. It never stops.

Firefox is a completely different product than it was a decade ago. It's now a big boy, trying to compete in the big arena. There's no room for niceties anymore. The only thing you can do is try to prepare for the inevitable day when this salesy nonsense becomes too much, so when you do switch, you try to do it elegantly and smartly. I cannot guarantee there's actually going to be a nice and peaceful browser for you out there when that moment comes, so if you want to sleep all relaxed, don't. The old Internet is dying, and the future does not belong to you and me or anyone willing to read this entire article without skipping words. The best you can do is play the game, so at the very least, you will be a rich idealist one day rather than a poor user. Or better yet, a rich loser rather than a poor user.

A fairly notable update to the Rust programming language compiler and its components is available today.

With Rust 1.24 first up is a preview release of rustfmt, an official utility for formatting Rust code. Rustfmt applies a standard style of formatting to existing Rustlang code and is similar to the other LLVM-based code formatters.

Britain has formally blamed Russia for the NotPetya ransomware attack in June last year, with Foreign Office Minister Lord Ahmad saying the decision "underlines the fact that the UK and its allies will not tolerate malicious cyber activity".

"Outlook attempts to open the pre-configured message on receipt of the email. You read that right - not viewing, not previewing, but upon receipt. That means there's a potential for an attacker to exploit this merely by sending an email."

In recent days, Satori has started infecting routers manufactured by Dasan Networks of South Korea. The number of daily infected routers is about 13,700, with about 82 percent of them located in Vietnam, a researcher from China-based Netlab 360 told Ars. Queries on the Shodan search index of Internet-connected devices show there are a total of more than 40,000 routers made by Dasan. The company has yet to respond to an advisory published in December that documented the code-execution vulnerability Satori is exploiting, making it possible that most or all of the devices will eventually become part of the botnet.

The more things change, the more they stay the same. That may sound cliché, but it's still as true for the firmware that boots your operating system as it was in 2001 when Linux Journal first published Eric Biederman's "About LinuxBIOS". LinuxBoot is the latest incarnation of an idea that has persisted for around two decades now: use Linux as your bootstrap.

On most systems, firmware exists to put the hardware in a state where an operating system can take over. In some cases, the firmware and OS are closely intertwined and may even be the same binary; however, Linux-based systems generally have a firmware component that initializes hardware before loading the Linux kernel itself. This may include initialization of DRAM, storage and networking interfaces, as well as performing security-related functions prior to starting Linux. To provide some perspective, this pre-Linux setup could be done in 100 or so instructions in 1999; now it's more than a billion.

More in Tux Machines

Linux: To recurse or not

Linux and recursion are on very good speaking terms. In fact, a number of Linux command recurse without ever being asked while others have to be coaxed with just the right option. When is recursion most helpful and how can you use it to make your tasks easier? Let’s run through some useful examples and see.

today's leftovers

MX Linux Review of MX-17. MX-17 is a cooperative venture between the antiX and former MEPIS Linux communities. It’s XFCE based, lightning fast, comes with both 32 and 64-bit CPU support…and the tools. Oh man, the tools available in this distro are both reminders of Mepis past and current tech found in modern distros.

Samsung stopped the distribution of the Android 8.0 Oreo operating system update for its Galaxy S8 and S8+ smartphones due to unexpected reboots reported by several users.
SamMobile reported the other day that Samsung halted all Android 8.0 Oreo rollouts for its Galaxy S8/S8+ series of Android smartphones after approximately a week since the initial release. But only today Samsung published a statement to inform user why it stopped the rollouts, and the cause appears to be related to a limited number of cases of unexpected reboots after installing the update.

The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project and how the Xen Project technology bolsters their business.

A few days back I reported on Intel Icelake patches for the i965 Mesa driver in bringing up the OpenGL support now that several kernel patch series have been published for enabling these "Gen 11" graphics within the Direct Rendering Manager driver. This Icelake support has been quick to materialize even with Cannonlake hardware not yet being available.

Introduced as part of LunarG's recent Vulkan SDK update is the VLF, the Vulkan Layer Factory.
The Vulkan Layer Factory aims to creating Vulkan layers easier by taking care of a lot of the boilerplate code for dealing with the initialization, etc. This framework also provides for "interceptor objects" for overriding functions pre/post API calls for Vulkan entry points of interest.